Vicious Panda
Vicious Panda is an APT or Advanced Persistent Threat believed to be in China and targeting nations such as Mongolia and other entities of interest to the Chinese government. Vicious Panda's campaigns specialize in espionage with significant psychological manipulation for gaining access to targets, such as crafting fake Coronavirus help documents and websites. Users should avoid unofficial resources for such purposes and let their anti-malware products remove Vicious Panda's RATs and other software as appropriate.
The Panda Attack that Rides on a Global Epidemic
China-based threat actors are scarcely new to the threat landscape, as the Ke3chang APT's Okrum trojan, Axiom's Mdmbot, and other examples attest. Despite not being a geographic novelty, the formerly-anonymous Vicious Panda is making waves due to its use of sensitive health news information for its attacks. The threat actor is turning the spread of the Coronavirus into an advantage by providing informational resources – but with dangerous content hidden inside.
Vicious Panda uses either crafted e-mails or websites for circulating RTF documents containing information about Coronavirus or COVID-19, such as global distribution statistics or nationally-localized updates. Samples available to our malware researchers are custom-made for each victim's region, such as being in the Mongolian language for Mongolian businesses. However, they contain vulnerabilities (using RoyalRoad, a prominent, China-favored exploitation tool) that compromise the victim's PC.
Vicious Panda may trick users into sharing passwords or other information, such as by spoofing websites and services. They also may exploit the presence of malicious software that the documents drop, such as Remote Access Trojans, for the expected purposes – such as downloading other trojans, taking screenshots, or monitoring active services.
Soothing a Bear without Risking Your Computer
Although its COVID-19 campaign is occurring adjacent to another set of attacks that leverage the disease for panic (CoronaVirus Ransomware, a trojan partner to KPOT Stealer), Vicious Panda is a long-term APT. Further attacks by these attackers may not follow the same general scams as current ones, and their limited C&C activity makes their overall habits and goals challenging analysis targets. Our malware experts, however, recommend taking standard protective steps against possibly dangerous documents, such as disabling macros, having all security patches, and scanning files before launching them.
Vicious Panda's current payloads contain limited symptoms. Despite the low-key nature of all RATs and backdoor trojans, somewhat visible attacks may coincide with Vicious Panda security problems. Users should stay attentive for unexpected requests for information from their computer when the source is unverifiable and asks for highly-sensitive data like passwords.
Anti-malware products with updated databases still have the best chances of removing Vicious Panda's trojans and related threats before any harm comes to your PC or the rest of its network, when applicable.
Plagues are social phenomena as they are biological ones. Vicious Panda is showing the threat landscape just how useful a good disaster can be to criminals who ride information right into places they don't belong.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.